In June last year, France’s landmark new anti-corruption law, known as Sapin II, came fully into effect. Two major innovations of Sapin II were the creation of (i) a new anticorruption authority (Agence Française anticorruption or AFA) and (ii) new compliance duties, placed on certain organisations, to prevent and detect acts which may constitute criminal offences such as corruption or influence peddling.
With regard to the latter, the AFA was given a mandate to issue guidance on the new compliance obligations under Sapin II.
Following a public consultation on the draft guidance, on December 22, 2017 the AFA released the formal guidance (‘Guidelines to help private and public sector entities prevent and detect corruption, influence peddling, extortion by public officials, unlawful taking of interest, misappropriation of public funds and favouritism’). See here for the guidelines in English.
These guidelines, although non-binding, are closely monitored by the AFA and are inspired by international standards—so much of it will be familiar to those used to dealing with similar guidance issued in relation to the FCPA or the UK Bribery Act. The guidelines also provide some welcome clarification on the scope of Sapin II and on the measures relevant organizations should implement to comply with the new compliance duty. Of particular note:
extra-territorial scope: even though the duty of compliance set out in Sapin II relates only to organisations reaching certain thresholds in terms of their size, the guidelines are aimed at a wide range of legal entities established in France – either public or private –including French subsidiaries of foreign groups. They also apply to all the aforementioned entities, regardless of where they operate – including abroad, when they are not subject to more demanding anti-corruption provisions;
risk mapping: the guidelines adopt a pragmatic approach so that an entity’s risk map may be flexible enough to identify, analyze and rank the organization’s exposure to any risk related to bribery. Notably, the risk map is a formal document which must be ready for ‘immediate submission to officials’ from the AFA;
third-party due diligence: despite criticisms and reservations expressed during the consultation phase, the guidelines widen the scope of the assessment of third-parties initially set out in Sapin II – which may lead to quite detailed due diligence processes; and
anti-corruption code of conduct: Organizations should implement a code of conduct that must be incorporated or annexed to the internal rules of the company, with the prior consultation of the company’s employees representative, as it is required by French law. This code will apply to all staff and should be updated when there is a significant change in the risk mapping.
Careful consideration should be given to these guidelines, alongside any further clarification the AFA produces in the future.